Red Hat Satellite Capsule reporting SELinux errors after upgrade
Issue
-
Red Hat Satellite Capsules are reporting SELinux errors mentioned below after Upgrade:
SELinux is preventing /usr/bin/python3.9 from module_request access on the system labeled kernel_t. ***** Plugin disable_ipv6 (53.1 confidence) suggests ********************** If you want to disable IPV6 on this machine Then you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not blacklist the module' Do add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf ***** Plugin catchall_boolean (42.6 confidence) suggests ****************** If you want to allow domain to kernel load modules Then you must tell SELinux about this by enabling the 'domain_kernel_load_modules' boolean. Do setsebool -P domain_kernel_load_modules 1 ***** Plugin catchall (5.76 confidence) suggests ************************** If you believe that python3.9 should be allowed module_request access on system labeled kernel_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gunicorn' --raw | audit2allow -M my-gunicorn # semodule -X 300 -i my-gunicorn.ppRaw Audit Messages type=AVC msg=audit(1730898925.545:2588): avc: denied { module_request } for pid=3704 comm="gunicorn" kmod="net-pf-10" scontext=system_u:system_r:pulpcore_server_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1 type=SYSCALL msg=audit(1730898925.545:2588): arch=x86_64 syscall=socket success=no exit=EAFNOSUPPORT a0=a a1=80002 a2=0 a3=0 items=0 ppid=1564 pid=3704 auid=4294967295 uid=1027 gid=1023 euid=1027 suid=1027 fsuid=1027 egid=1023 sgid=1023 fsgid=1023 tty=(none) ses=4294967295 comm=gunicorn exe=/usr/bin/python3.9 subj=system_u:system_r:pulpcore_server_t:s0 key=(null) Hash: gunicorn,pulpcore_server_t,kernel_t,system,module_request
Environment
- Red Hat Satellite Capsule 6
- Red Hat Enterprise Linux 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.